Comments on: BBC Unleashes Botnet For ‘Investigation’ http://www.darknet.org.uk/2009/03/bbc-unleashes-botnet-for-investigation/ Ethical Hacking, Penetration Testing & Computer Security Tue, 14 Feb 2012 00:17:07 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Bogwitch http://www.darknet.org.uk/2009/03/bbc-unleashes-botnet-for-investigation/#comment-135162 Bogwitch Fri, 20 Mar 2009 13:32:55 +0000 http://www.darknet.org.uk/?p=1590#comment-135162 After reading more in-depth, it does appear that the BBC is in breach of the Computer Misuse Act insofar as they installed a wallpaper. The accusation that the BBC is more responsible than security researchers carries little weight with me - security researchers will try always attempt to keep within the law - something that the BBC decided not to. I have been trying to find a sample of the wallpaper that the BBC distributed but I have not been successful thus far, if anyone has a source, please provide it! As for the suggestion that the BBC explained to users that they were infected with a trojan, it is worth noting that the BBC intentionally picked non-UK/USA based computers for this demonstration, where the use of the English language will be less. They did nothing to prevent the computers from being re-infected via the same vectors. The cynic in me thinks that they selected non-UK/USA computers to prevent posible litigation. It is noted that the Police in the UK will not act unless a complaint is made by a victim... After reading more in-depth, it does appear that the BBC is in breach of the Computer Misuse Act insofar as they installed a wallpaper. The accusation that the BBC is more responsible than security researchers carries little weight with me – security researchers will try always attempt to keep within the law – something that the BBC decided not to.
I have been trying to find a sample of the wallpaper that the BBC distributed but I have not been successful thus far, if anyone has a source, please provide it!
As for the suggestion that the BBC explained to users that they were infected with a trojan, it is worth noting that the BBC intentionally picked non-UK/USA based computers for this demonstration, where the use of the English language will be less. They did nothing to prevent the computers from being re-infected via the same vectors.
The cynic in me thinks that they selected non-UK/USA computers to prevent posible litigation. It is noted that the Police in the UK will not act unless a complaint is made by a victim…

]]> By: dio http://www.darknet.org.uk/2009/03/bbc-unleashes-botnet-for-investigation/#comment-134891 dio Thu, 19 Mar 2009 14:43:24 +0000 http://www.darknet.org.uk/?p=1590#comment-134891 I have blogged extensively about this on www(.dot)conanthedestroyer(.dot)net Arguments about how they broke the law are a complete farce. Security researchers do this all the time but do not want people to know about it because they want to reserve that right for themselves. All the while they sell products to fix the problem, but in actuality they are wholly ineffective. I applaud and completely stand by the BBC action. What did they do? They took 22k bots off the network. What did any of the security companies do lately? Watch, monitor, report. Doesnt sound like action to me guys. Better luck next time. Read my blog for more on cyberwar and cybercrime aspects of this nefarious scourge. I have blogged extensively about this on www(.dot)conanthedestroyer(.dot)net

Arguments about how they broke the law are a complete farce. Security researchers do this all the time but do not want people to know about it because they want to reserve that right for themselves. All the while they sell products to fix the problem, but in actuality they are wholly ineffective.

I applaud and completely stand by the BBC action. What did they do? They took 22k bots off the network. What did any of the security companies do lately? Watch, monitor, report. Doesnt sound like action to me guys. Better luck next time.

Read my blog for more on cyberwar and cybercrime aspects of this nefarious scourge.

]]> By: navin http://www.darknet.org.uk/2009/03/bbc-unleashes-botnet-for-investigation/#comment-134655 navin Wed, 18 Mar 2009 16:50:02 +0000 http://www.darknet.org.uk/?p=1590#comment-134655 For those interested in this story: Man behind BBC botnet defends decision: http://www.techradar.com/news/internet/man-behind-bbc-botnet-defends-decision-586251 While Expert Says Its Unjustifiable: http://www.techradar.com/news/internet/bbc-botnet-is-unjustifiable-says-expert-586256 For those interested in this story:

Man behind BBC botnet defends decision:
http://www.techradar.com/news/internet/man-behind-bbc-botnet-defends-decision-586251

While Expert Says Its Unjustifiable:
http://www.techradar.com/news/internet/bbc-botnet-is-unjustifiable-says-expert-586256

]]> By: gVibe06 http://www.darknet.org.uk/2009/03/bbc-unleashes-botnet-for-investigation/#comment-134548 gVibe06 Wed, 18 Mar 2009 01:58:14 +0000 http://www.darknet.org.uk/?p=1590#comment-134548 I was hoping this was the angle you would take. I kind of have this fishy feeling that the BBC did a little more than they reported. Would you be able to resist spending a pile of cash if no one was watching and guaranteed getting away with it? I was hoping this was the angle you would take. I kind of have this fishy feeling that the BBC did a little more than they reported. Would you be able to resist spending a pile of cash if no one was watching and guaranteed getting away with it?

]]> By: ethicalhack3r http://www.darknet.org.uk/2009/03/bbc-unleashes-botnet-for-investigation/#comment-134457 ethicalhack3r Tue, 17 Mar 2009 14:11:52 +0000 http://www.darknet.org.uk/?p=1590#comment-134457 You also need to consider which laws were broke in the countries in which the computers resided. If the BBC can get away with it, why cant the average citisen? Its completely illegal and unethical. You also need to consider which laws were broke in the countries in which the computers resided.

If the BBC can get away with it, why cant the average citisen? Its completely illegal and unethical.

]]> By: Bogwitch http://www.darknet.org.uk/2009/03/bbc-unleashes-botnet-for-investigation/#comment-134408 Bogwitch Tue, 17 Mar 2009 09:21:59 +0000 http://www.darknet.org.uk/?p=1590#comment-134408 There is a possibility that this was an offence under Paragraph 3, subsection (1)(b), Subsection (2)(b) applies that 'to impair the operation of any computer;' of the Computer Misuse Act 1990 it can be argued that the actions taken by the BBC may have impaired the operation of computers by way of reduced bandwidth available or CPU cycles available. That said, the act stipulates that there must be 'an intent to cause a modification of the contents of any computer' OK, where do you draw the line at modification? The action the BBC took would cause a modification to the volatile ram of the systems running, it is even possible that some code was swapped to the hard disk, although I doubt there would be an intention to cause the data to be swapped. By the BBC lawyer definition, if I were to take over a botnet and use if for e.g. massively parallel hash cracking would I not be breaking the law? There is a possibility that this was an offence under Paragraph 3, subsection (1)(b), Subsection (2)(b) applies that ‘to impair the operation of any computer;’ of the Computer Misuse Act 1990

it can be argued that the actions taken by the BBC may have impaired the operation of computers by way of reduced bandwidth available or CPU cycles available.

That said, the act stipulates that there must be ‘an intent to cause a modification of the contents of any computer’

OK, where do you draw the line at modification? The action the BBC took would cause a modification to the volatile ram of the systems running, it is even possible that some code was swapped to the hard disk, although I doubt there would be an intention to cause the data to be swapped.

By the BBC lawyer definition, if I were to take over a botnet and use if for e.g. massively parallel hash cracking would I not be breaking the law?

]]> By: ashish http://www.darknet.org.uk/2009/03/bbc-unleashes-botnet-for-investigation/#comment-134390 ashish Tue, 17 Mar 2009 07:58:25 +0000 http://www.darknet.org.uk/?p=1590#comment-134390 good article, thanks for this useful info, I have dug and stumbled this article. I will keep visiting for more useful information. good article, thanks for this useful info, I have dug and stumbled this article. I will keep visiting for more useful information.

]]> By: erik http://www.darknet.org.uk/2009/03/bbc-unleashes-botnet-for-investigation/#comment-134234 erik Mon, 16 Mar 2009 16:09:28 +0000 http://www.darknet.org.uk/?p=1590#comment-134234 I like Lenny Zelter's name for this: British Botnet Corp ... lol Linky: http://www.eweek.com/c/a/Security/The-British-Botnet-Corporation-324874/?kc=rss I like Lenny Zelter’s name for this: British Botnet Corp … lol

Linky: http://www.eweek.com/c/a/Security/The-British-Botnet-Corporation-324874/?kc=rss

]]> By: james http://www.darknet.org.uk/2009/03/bbc-unleashes-botnet-for-investigation/#comment-134178 james Mon, 16 Mar 2009 11:41:08 +0000 http://www.darknet.org.uk/?p=1590#comment-134178 Yeah we just blogged about the same program and how it could be used in the SEO world to take down competitors websites. The scariest thing was how cheap they can buy the computers for!! As long as they have not caused any damage to computers but their own, I would of thought this is common practice for security or anti virus companies? Surely they need to do these tests in order to understand how the cyber criminals work? Yeah we just blogged about the same program and how it could be used in the SEO world to take down competitors websites.
The scariest thing was how cheap they can buy the computers for!!
As long as they have not caused any damage to computers but their own, I would of thought this is common practice for security or anti virus companies? Surely they need to do these tests in order to understand how the cyber criminals work?

]]>